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CLAIMS 

An access control protocol between an 
electronic key (EK kj ) and an electronic lock (B ± ) 
performing access control, in which protocol, following 
presentation of said electronic key (EK kj ) to said 
electronic; lock (BJ , a random variable message (a i:j ) 
prompting ^authentication °f the electronic key (EK kj ) is 
transmitted^ f rom said electronic lock to said electronic 
key, characterised in that, on receiving said random 
variable message prompting authentication, the 

protocol consists of at least, in succession: 

- calculating and transmitting from said electronic 
key (EK kj ) to \said electronic lock (B A ) a digital 
signature value of said random variable message prompting 
authentication basVd on a private signature key (K' s ) and 



specific authentication dajfefa) 
authentication data\ transmitted by\ 
(EK kj ) to said electronic lock m ± ) 
one public key (K' p )\ certifica 



said specific 
said electronic key 
nsisting of at least 
associated with said 



private signature key\(K' s ), said public key certificate 
consisting of a digitalv signature value of at least one 
validity time period (PhV) relating to a right of access 
and of said public key P ) / said signature value being 
calculated from another \private signature key (Kg) 
associated with another pmblic key (K p ) , and, after 
reception by said electronic \Lock of said signature value 
(Ci) and said specific authentication data (Da.,) : 



verification 



(1003) 



'KPK 



, p ( (Ci,Daj ) )by said 



electronic lock (Bj of the authenticity of said signature 
value {C ± ) as a function of said Vpecific authentication 
data (Da.,) and, in response to a positive or negative 
result of said verification: 

- acceptance or respectively refusal of said access. 

2. A protocol according to clainryl, characterised 
in that said step of verification of saio\signature value 
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by\aid electronic lock includes, in succession: 

\ - verification (1003a) by said electronic lock (B ± ) 
of they authenticity of said specific authentication data 
based orv. comparison with reference data and, in the event 
of a positive result of said comparison: 

- verification (1003b) by said electronic lock (BJ 
of said signature value (Cj as a function of said 
specific authentication data (Daj) . 

3. A protocol according to claims 1 and 2, 
characterised inVthat said step of verification by said 
electronic lock \f the authenticity of said specific 
authentication dat^a (Daj) consists of checking said 
validity time period\(PHj) associated wi£h said public key 

(K' P ). \ /| 

4. A protocol according to claim A 2, characterised 
in that validity time period (PHj) include a plurality of 
non- contiguous time intervals. 

5. A protocol according to claim 2 or claim 3, 
characterised in that each\validity time period (PHj) 
consists of at least one time\interval having two limits 
each expressed as a date in tern\s of day, month, year and 
a time in terms of hour, minute, ^second. 

6. A protocol according ta any preceding claim, 
characterised in that said random Variable message (a ±j ) 
prompting authentication is a \ function of an 
identification value (CJ of said electronic lock (Bi) and 
a continuously increasing variable value. (CO) . 

7. A protocol according to any ofy claims 1 to 6, 
characterised in that, after reception cs>f said random 
variable message (a^) prompting authentication by said 
electronic key (EK kj ) but before the step of\ calculation 
and transmission of a signature value (cA by said 
electronic key, said electronic key (EK kj ) having an 
internal clock, said protocol further consists^ of an 
auxiliary verification step (1007) for authorising 
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calculation of the signature of said random variable 
messuage prompting authentication, said auxiliary 
verification step (1007) consisting of: 

\ using the other public key (K p ) associated with 
said other private signature key (Kg) to verify (1007a) 
said public key (K' p ) certificate and said validity time 
period (PHjjVassociated with said public key against said 
internal clock, to verify the validity of said public 
key) , \ 

- verifyingS. (1007b) the association of said private 
signature key (K'\) and said public key (K' p ), whose 
validity has been verified in the preceding step, and, on 
the basis of posit\ve and negative result criteria 
(1007c) for the preceding two verification steeps: 

- continuing (lOOT^e) or respectively j( interrupting 
(1007d) said access control protocol. 

8. A protocol according to any ojf claims 2 to 7, 
characterised in that it further comprises^ a plurality of 
tests limiting all attack outside said validity time 
period, which tests are performed during said step of 
verification by said electronic lock (B^ of the 
authenticity of said signature value (Ci) , after said step 
(1003a) of verification by said electronic lock (Bi) of 
the authenticity of the specific authentication data (Da.)) 
consisting of checking said validity time period 
associated with said public key (K' p ) but before said step 
(1003b) of verification by said electronic lock (Bi) of 
the authenticity of said signature value\ said protocol 
further comprising a plurality of tests (11903a!) limiting 
any attack outside said validity time period\(PHj) . 

9. A protocol according to any of claims 1 to 8, 
characterised in that it comprises, before ssfcid step of 
calculation and transmission from said electronic key 
(EK kj ) to said electronic lock (Bi) of a signature value 
(C^) of said random variable message (a i;l ) prompting 
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authentication and specific authentication data (DA-j) , 
sa\d electronic key including a real-time clock: 

\ - a step (1007CJ of testing if a time variable 
delivered by said real-time clock is inside said validity 
time beriod (PHj) and, in the event of a negative result 
of saick test: 

- av step (1007c 3 ) of invalidation of said electronic 
key interrupting said access control and leading to 
refusal of ^eaid access by said electronic lock. 

10. An\ electronic key comprising cryptographic 
calculation niteans (C ak ) and message or data transmission 
means (T k ) f or Vmplementing a protocol according to any of 
claims 1 to 9 \for controlling access to an electronic 
lock (B ± ) by saick electronic key (EKy) , characterised in 
that, in addition fco a central procy^s^r unit (CPU) , said 
cryptographic calculation means (C a /) iJclude at least: 

- a protected access memory irea/\(l) for storing at 
least one private signature keK/(K\) and specific 
authentication data (Da>0, said specific authentication 
data (Daj) consisting of\at least one public key (K' p ) 
certiificate consisting of\a digital signature value of 
at least one validity time\period (PHj ) relating to a 
right of access and said publics key (K' p ), and 

- a read-only memory (4) Vised to call programs for 
calculating the digital signature value of a random 
variable message (a ±j ) delivered W said electronic lock 
(Bi) using said private signature k^y (K' s ) . 

11. An electronic lock comprising cryptographic 
calculation means (C ai ) and message or data transmission 
means (TJ for implementing a protocol according to any of 
claims 1 to 9 for controlling access tovsaid electronic 
lock by an electronic key (EK kj ), characterised in that, 
in addition to a central processor unitV (CPU) , said 
calculation means (C ai ) include at least: \ 

- a protected access memory area (5) forNstoring at 
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